Skill v1.0.0

ClawScan security

Medical Entity Extractor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Feb 27, 2026, 11:48 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini

Summary
The skill's stated behavior (local processing) conflicts with its recommendation to use the Claude API and it provides no credential or configuration guidance for that external service; this mismatch and the sensitivity of medical data make the package questionable until clarified.
Guidance
This skill appears to do what it says (medical entity extraction) but contains a key contradiction: it claims local processing while also recommending the Claude API/Anthropic model and gives no instructions for supplying API keys or controlling network use. Before installing or using it:
1) Confirm whether your OpenClaw setup will run the LLM locally or will send text to Anthropic; if it's the latter, get details on network endpoints and where API keys are configured.
2) Never run this on real patient-identifiable data until you verify where data will be transmitted and whether the external service and your organization meet legal/compliance (e.g., HIPAA) requirements.
3) Ask the publisher for source code or a provenance URL (there is no homepage/source listed) and for explicit instructions on how to configure model selection and credentials.
4) If you must process real PHI, prefer a verified local model or an explicitly approved, contractually secure external endpoint and test first with de-identified data.
If the publisher cannot clarify where data goes or how credentials are provided, treat the skill as unsafe for sensitive patient data.

Review Dimensions

Purpose & Capability
concern: Name, description, and SKILL.md outputs align with a medical-entity-extraction purpose — the extraction fields and examples are coherent. However, the skill references using the Claude API/Anthropic model while declaring no required credentials, endpoints, or environment variables, which is inconsistent with the stated purpose of local processing.
Instruction Scope
concern: The SKILL.md stays focused on extracting medical entities and does not instruct access to unrelated files or system paths. But it contains a direct contradiction: 'All processing happens locally via OpenClaw' followed immediately by 'No data is sent to external services (except Claude API for LLM processing)'. That grants the skill broad discretion to send sensitive PHI to an external LLM without describing where/how API credentials are supplied or where data would be transmitted.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files — lowest install risk. Nothing is downloaded or written to disk by an installer in the package.
Credentials
concern: Requires no environment variables or credentials in registry metadata, yet recommends and explicitly references an external Anthropic model (Claude Sonnet 4.5). Sending data to an external LLM normally requires API credentials/config and network access; the absence of declared env vars or configuration guidance is a proportionality and transparency gap. Also, the skill intends to process sensitive medical (PHI) data but provides no guidance about HIPAA/compliance or how to keep data local.
Persistence & Privilege
ok: 'always' is false and there is no indication the skill requests persistent system-wide privileges or modifies other skills. Autonomous invocation is allowed (platform default) but not combined with 'always:true' or other elevated privileges.